DiscussionSLA
Sign inSign up

Troubleshooting License Connection Issues

Published 6 months ago

# SafeLine WAF
Resources

Published 6 months ago

xiaobing.wang

Updated 2 months ago

3

Some professional users may encounter a connection error when activating a license key. This error indicates a communication issue between your SafeLine server and our license server. Follow the steps below to find and resolve the issue.

Step 0: Set License Server Domain Variable

First, set the license server domain based on your WAF version:

1# For WAF version >= 8.0.0
2LICENSE_SERVER="safeline.stream.safepoint.cloud"
3
4# For WAF version < 8.0.0
5LICENSE_SERVER="safeline-cloud.chaitin.com"

Step 1: Verify Host Network Connectivity

Run a telnet test on the SafeLine server to check if the network is functioning properly. If you see Connected to $LICENSE_SERVER, the host network is working correctly.

1$ telnet $LICENSE_SERVER 50052
2Trying 120.26.93.124...
3Connected to $LICENSE_SERVER.
4Escape character is '^]'.
5^C
6Connection closed by foreign host.

If the connection fails, check if the host has internet access and if the cloud provider's security group allows outbound traffic.

Step 2: Verify Container Network Connectivity

The SafeLine licensing client runs inside the safeline-mgt container. If the host network is working, confirm that the container can access the internet. Since telnet is not available in the mgt container, use ping to check network connectivity:

1$ docker exec safeline-mgt ping $LICENSE_SERVER
2PING $LICENSE_SERVER (120.26.93.124): 56 data bytes
364 bytes from 120.26.93.124: seq=0 ttl=44 time=32.424 ms
464 bytes from 120.26.93.124: seq=1 ttl=44 time=32.374 ms

If ping fails, analyze traffic flow as follows:

Check iptables Rules

Inspect outbound rules for any DROP entries:

1iptables -L -v -n --line-numbers

Use tcpdump to Capture Traffic

Capture TCP traffic between the server and the licensing server to determine if the handshake completes successfully.

1$ tcpdump -i any -nn host $LICENSE_SERVER

Example output:

16:45:45.253527 eth0  Out IP 172.22.189.247.42790 > 120.26.93.124.50052: Flags [S], seq 808064468, win 64240, options [mss 1460,sackOK,TS val 1020606707 ecr 0,nop,wscale 7], length 0
16:45:45.283391 eth0  In  IP 120.26.93.124.50052 > 172.22.189.247.42790: Flags [S.], seq 3474622497, ack 808064469, win 65160, options [mss 1460,sackOK,TS val 1564198957 ecr 1020606707,nop,wscale 7], length 0

Conclusion

  • If iptables or nftables blocks traffic, adjust the rules.
  • If SYN packets are sent but no response is received, investigate network issues or check if the target server is reachable.
  • If NAT/SNAT issues exist, inspect iptables -t nat rules.

Start by capturing packets to confirm if SYN packets are sent successfully, then use iptables and conntrack tools for further debugging.

profile_photo

Masiyus94

Updated 13 hours ago

0

00020101021226650013ID.NETZME.WWW01189360081401001050240215ID10253992142340303UKE51440014ID.CO.QRIS.WWW0215ID10253992142340303UKE5204573453033605405200005802ID5914Kyoka Computer6013JAKARTA PUSAT61051015062690703A010812qris_invoice994200020001329b6d2ce436214ad0a0b8929723cfc3026304621A

profile_photo

Masiyus94

Updated 13 hours ago

0

00020101021226650013ID.NETZME.WWW01189360081401001050240215ID10253992142340303UKE51440014ID.CO.QRIS.WWW0215ID10253992142340303UKE5204573453033605405200005802ID5914Kyoka Computer6013JAKARTA PUSAT61051015062690703A010812qris_invoice994200020001329b6d2ce436214ad0a0b8929723cfc3026304621A

Related Posts
#
icon for dangerous category ip label
#
Upstream and loabalancing
#
I am getting the following error when attempting to upgrade from v7.3.1 to latest
#
NextCloud + SafeLine Waf
#
Protection Policy
Troubleshooting License Connection Issues | SafePoint